National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 26,103 matching records.
Displaying matches 25781 through 25800.
Vuln ID Summary CVSS Severity
CVE-2001-1145

fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on the wrong directories.

Published: August 17, 2001; 12:00:00 AM -04:00
V2: 6.2 MEDIUM
CVE-2001-1305

ICQ 2001a Alpha and earlier allows remote attackers to automatically add arbitrary UINs to an ICQ user's contact list via a URL to a web page with a Content-Type of application/x-icq, which is processed by Internet Explorer.

Published: August 17, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-0522

Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file.

Published: August 14, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-0554

Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.

Published: August 14, 2001; 12:00:00 AM -04:00
V2: 10.0 HIGH
CVE-2001-0555

ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote attacker to read world-readable files via a .. (dot dot) attack through (1) the SITEWare Editor's Desktop or (2) the template parameter in SWEditServlet.

Published: August 14, 2001; 12:00:00 AM -04:00
V2: 10.0 HIGH
CVE-2001-0559

crontab in Vixie cron 3.0.1 and earlier does not properly drop privileges after the failed parsing of a modification operation, which could allow a local attacker to gain additional privileges when an editor is called to correct the error.

Published: August 14, 2001; 12:00:00 AM -04:00
V2: 7.2 HIGH
CVE-2001-0567

Digital Creations Zope 2.3.2 and earlier allows a local attacker to gain additional privileges via the changing of ZClass permission mappings for objects and methods in the ZClass.

Published: August 14, 2001; 12:00:00 AM -04:00
V2: 4.6 MEDIUM
CVE-2001-1292

Sambar Telnet Proxy/Server allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long password.

Published: August 13, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1134

Xerox DocuPrint N40 Printers allow remote attackers to cause a denial of service via malformed data, such as that produced by the Code Red worm.

Published: August 09, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1259

Avaya Argent Office allows remote attackers to cause a denial of service by sending UDP packets to port 53 with no payload.

Published: August 07, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1260

Avaya Argent Office uses weak encryption (trivial encoding) for passwords, which allows remote attackers to gain administrator privileges by sniffing and decrypting the sniffing the passwords during a system reboot.

Published: August 07, 2001; 12:00:00 AM -04:00
V2: 10.0 HIGH
CVE-2001-1261

Avaya Argent Office 2.1 may allow remote attackers to change hold music by spoofing a legitimate server's response to a TFTP broadcast and providing an alternate HoldMusic file.

Published: August 07, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1262

Avaya Argent Office 2.1 compares a user-provided SNMP community string with the correct string only up to the length of the user-provided string, which allows remote attackers to bypass authentication with a 0 length community string.

Published: August 07, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1301

rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file.

Published: August 07, 2001; 12:00:00 AM -04:00
V2: 1.2 LOW
CVE-2001-1356

NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021.

Published: August 04, 2001; 12:00:00 AM -04:00
V2: 10.0 HIGH
CVE-2001-1304

Buffer overflow in SHOUTcast Server 1.8.2 allows remote attackers to cause a denial of service (crash) via several HTTP requests with a long (1) user-agent or (2) host HTTP header.

Published: August 03, 2001; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2001-1472

SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter.

Published: August 03, 2001; 12:00:00 AM -04:00
V2: 4.6 MEDIUM
CVE-2001-1060

phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute arbitrary commands by inserting them into (1) the strCopyTableOK argument in tbl_copy.php, or (2) the strRenameTableOK argument in tbl_rename.php.

Published: July 31, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1471

prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement.

Published: July 31, 2001; 12:00:00 AM -04:00
V2: 4.6 MEDIUM
CVE-2001-1056

IRC DCC helper in the ip_masq_irc IP masquerading module 2.2 allows remote attackers to bypass intended firewall restrictions by causing the target system to send a "DCC SEND" request to a malicious server which listens on port 6667, which may cause the module to believe that the traffic is a valid request and allow the connection to the port specified in the DCC SEND request.

Published: July 30, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH